Communication is, indeed, a two-way street. We in IT will try to be clear and explain things users need to know. Is it too much to ask for them to keep us in the loop as well?
Not long ago, our company was hit with a major virus that completely disabled one of our accounting machines. It's the normal virus attempt where a seemingly innocent zip file is sent, someone opens it, they click to execute the program, and boom -- look out.
[ Also on InfoWorld: Is your pay measuring up? The 2014 tech salary guide. | Pick up a $50 American Express gift cheque if we publish your story: Send it to email@example.com. | Get a dose of workplace shenanigans -- follow Off the Record on Twitter. ]
While we were fortunate to isolate it and stop further infection, the data on the machine was unrecoverable. I spent the majority of two days locking down the network for certain executables, blocking zip attachments, and scanning to make sure we wouldn't get hit again.
Damage control -- and education
Since the machine was from accounting, I had to talk to several people, including the accounting boss, and let them know the how, what, when, where, and why of the incident.
I answered their questions, not necessarily in this order:
- Yes, we're covered in the future from this particular virus.
- No, I can't get the machine's data back.
- No, we don't have a recent backup of the machine.
- Yes, the employee should have put the data on the network to make sure it would be backed up.
And so on and so forth.
The accounting department deemed the incident catastrophic, but our department escaped blame due to the user's known lack of computer knowledge. Many people work from home, and we took the opportunity to refresh users on where to put data, to review security best practices, and to remind them to alert us immediately if anything seemed suspicious.